fix(gateway): correct ECDSA key usage and dispose CertificateRequest

Drop KeyEncipherment from the self-signed cert's key-usage extension — it
is semantically wrong for ECDSA (RSA key-transport only); DigitalSignature
alone is correct for TLS 1.3 / ECDHE server certs.  CertificateRequest is
unchanged (not IDisposable in .NET 10).  Test now also asserts MachineName,
127.0.0.1 and IPv6 loopback are present in the SAN extension.

src/ZB.MOM.WW.MxGateway.Server/Security/Tls/SelfSignedCertificateProvider.cs

@@ -39,7 +39,7 @@ public sealed class SelfSignedCertificateProvider
 
         request.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
         request.CertificateExtensions.Add(new X509KeyUsageExtension(
-            X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment,
+            X509KeyUsageFlags.DigitalSignature,
             critical: true));
         request.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
             [new Oid(ServerAuthOid, "Server Authentication")],